topic "sql injection", and as far as I understood, it is not likely if
you use CakePHP's way of doing things.
However my site was SQL injected. I only write data using the model's
save() method. Where do I start to look for possible flaws? Is Auth
component known to have any? Do you see any flaws in the following
controller's method?
function submit($id = null) {
    $this->set('page', 'submit');
    if (!empty($this->data)) {
        // additional fields set server-side before saving the posted form data
        $this->data['Submission']['timestamp'] = date("Y-m-d H:i:s");
        $this->data['Submission']['user_id'] = $this->Auth->user('id');
        $this->Submission->create();
        if ($this->Submission->save($this->data)) {
            $this->Session->setFlash('Jūsų sprendimas priimtas.');
            $this->redirect(array('action' => 'submissionlist'));
        } else {
            $this->Session->setFlash('Sprendimo priimti nepavyko. Pabandykite dar kartą.');
        }
    } else if ($id != null) {
        // pre-select the task passed in the URL when the form is first shown
        $this->data['Submission']['task_id'] = $id;
    }
    // only published tasks are offered in the select list
    $tasks = $this->Submission->Task->find('list',
        array('conditions' => array('Task.published' => 1)));
    $this->set(compact('tasks'));
}
I would appreciate any comments.
Linas